CVE-2025-53644

high

Description

OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.

References

https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/

https://github.com/opencv/opencv/releases/tag/4.12.0

https://github.com/opencv/opencv/issues/27271

https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466

Details

Source: Mitre, NVD

Published: 2025-07-17

Updated: 2025-10-17

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 7.5

Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00042

Detections

Analytics